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(54) Packet switched system 

(57) End-to-end encryption of traffic in packet networks presents difficulties due to the discontinuous 
va iable 0 IV) e durinn hi > P T S6 H l meth ° d l H eSe difficulties are overcome by sending an initialisation 

1 ,k 9 tl8 i ° Settm9 and comrollin 9 the clocking information such that at each end the 

Sp In rh e " C ; y P t,0n 1 or decryption is started at the beginning of the information field and stopped at 
the end thereof. Thus when the next packet is sent, both cryptos are correctly set 
This avo.ds the need to send such information with each packet, as called for in some known systems 
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Fig. 1. 
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Fig. 2. 
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SPECIFICATION 
Packet switched system 

5 * Jv£eZ enti °V e l ateS t0 data transmission 

noil ' V ' a tW ° ° r more changes or 

Security is essential in some cases of ™ m 
mun lca t ion of information Tough net wlk S 

15 sacTons r, L!°: data r6 ' atin9 10 ^^an- 
t?Zl ' e,ectron,c "»» etc. Security involves 
such aS p ects as authenticatj a Ze7s to 

SrT s at 3"H aUthentiCati0n ° f data sent by sig- 
ra t e P rote «ion of traffic from deltoe 

The arrangement to be described herein re. 

~° rks b V »™9ing the data ITulZ for- 
™ such that data link control and eTror de- 
30 tection information is in the frame Frame. 
£"» 1 con<: »«"»«<l » form a cont ZJs 

each ,™m^h 0, ' m0 ™ *«*>■ * 9™P. 
lenath SI T'" 9 *>»*<"■•<> "V » variable 

-r,„e7 9 ^^^ 

transmissions are Interposed' 

40 *™£^jrz^ 0 7z sax r: on,v 

^s.ra,T-s~L 

the receiving end to load the decrvnt^n !i 
SS^Sn^ 
50 cet r r nt '' nterVa ' S at tr-n.mitS'S?^ 

abte Tv a 2 6XiS . tS in u WhiCh an '"■•tialisation Vari- 

« 7hJ ~ ' W ' th 6ach packel a "d is used 

th ^ l ° reset ,he decryption device 

55 this S S . mamtain Whronisation Howe*™ 6 
s& this has limitations including- uvv ever. 

(a) The standard frame format e a XOr ro 
juires modification to accommod^^ddt 

. (0 When C onti gu oCs th p e acS n a 9 re 2^?" 
increased overhead may involve an increase in 

ceedT/f transmission ™* which ma y ex 
ceed the constraints of the system 

65 A variation exists in which the IV is sent 
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£k£ !f it LnH PaC '? et / nd With needing 
52?S 1 and ° n, Y lf ' *e duration between 
packets exceeds the duration of the IV Thi 

crypt.on and decryption operation - to the 
endof S ; a hI e 'H in r hich at the ending end the 
commencem e m d of Th*" 6 "** a ™» contro.fthe 

c^e^ 
95 and the start of the^SS^reS: 

packet^he ° e n n C ° Perati0n ' S ° that b «™™ 
packets the encryption and decryption on Pr 

Emh „T St ° PPed " 6Xact, V InSi states 
100 - -woe 

drawings, in whS Fig Yf s a simS^" 9 
vTnt 0 ° f ^ ° f 3 te - j -l embody'inglh'n 6 " 
digram Wh " e ^ 2 ta a " "P ta "U flow"" 
105 The present method enables the oackPti^H 
traffic to be so encrypted that the contro 

throughput of , transmission" s o for 

SioT,rnor:a,^r d 

though a b,t synchronous bearer may be 
used) and that packets can be of variable 

ish 9 ment n o d f 7^ D ^9 X'ttab- 

1 on " snment of a connection— virtual or real 

KvSEf l re8Ched ° n the need t° 4ly 
encryption, the necessary key parameters be 

sent e wi?h n t 9 h ed - ^ ^'^"sat^varTab e L 
reset TL ' M exchan 9* and is used to 
125 ^V^S^^o, devices 

the commencement of the encrypted data 




tion. At the end of the encrypted data, the 
clocks are interrupted, thus stopping both 
crypto devices at the same position. The suc- 
cessive packets cause the cryptos to restart 
5 and stop respectively at the beginning and 
end of each encrypted sequence of data. Thus 
since the cryptos always restart from the 
same position in which they were stopped, 
synchronism between the encryption and de- 

10 cryption devices is generally maintained. 

If an external agency disturbs this synchron- 
ism, the loss is detected by normal error de- 
tection methods used in the system, and an 
error message is returned to the sending end 

15 to request a new initialisation variable, and re- 
peat of the data. 

A variation of the present method involves 
the use of so called 'fast select' procedures in 
which the whole of the information is in a 

20 single packet together with the required ad- 
dress and control information. In this case, the 
type of packet is identified by a 'facility' code 
and the encryption and initialisation parameters 
are within fields preceding the information 

25 field. Thus the decryption device is aware of 
the special type of packet and having been 
appropriately set starts the algorithm process 
at the beginning of the information field. 
The present system is described as applied 

30 to a system of the internationally standardised 
X25 type, which allows for multiple logical 
channels to be associated with a single physi- 
cal link. This complicates the operation of the 
encryption unit in that between packets it 

35 needs to store the logical channel number in 
association with the appropriate state of the 
initialisation variable. Therefore, as each logical 
channel is transmitted over the physical link it 
is compared with those in store and the re- 

40 quired IV transferred into the working IV 
memory. 

Fig. 1 shows as much of an X25 based 
encryption/decryption unit as is relevant to the 
present method, the remainder of such a ter- 

45 minal following conventional practice. Informa- 
tion arriving at the unit possibly for encryption 
enters at an HDLC {high level data link control) 
unit, which among other functions extracts 
any control information for the link control LC 

50 and network control NC blocks. The informa- 
tion passes from the HDLC block to a buffer B 
for temporary storage. From here it passes, 
under clock control, to a crypto unit CU from 
which the packets, with their information fields 

55 encrypted if needed, pass to another HDLC 
unit for transmission. 

Associated with the crypto unit CU, there 
are a key unit K from which the crypto key is 
obtained, both when the unit CU is encrypting 

60 and also when it is decrypting. Also we have 
the initialisation variable (IV) generation unit 
IVU; when a call is set up under control of 
the microprocessor MP, the call setting infor- 
mation which is initially sent includes encryp- 

65 tion keys and an initialisation variable. This 



GB2 168573A 2 



notifies the called end as to whether or not 
the message to be sent is encrypted, this be- 
ing determined from part of the message as it 
arrives via the first HDLC block. 

70 The clock is so set, under microprocessor 
control, that when the first packet is sent, the 
crypto unit CU is enabled at the commence- 
ment of its information field, and is stopped 
at the end of that field. 

75 At the called end, which is similar to what 
is shown, the initialisation variable is passed 
via the link control LC thereat to the micropro- 
cessor and clock thereat, so that the micro- 
processor sets the called end s crypto for the 

80 desired encryption. In addition, when the first 
packet arrives, the clock is enabled so as to 
start the crypto unit at the commencement of 
the information field and to stop at the end 
thereof. The initial call setting operations will, 

85 of course, in accordance with normal practice, 
have resulted in the clocks at the two ends 
having been brought into synchronism. 

Thus when the information field of the first 
packet ends, we have both crypto units 

90 clocks stopped at the same point. When the 
next packet is sent, both clocks are started at 
the start of the information field, and they 
both start from the same point in time. Thus 
encryption and decryption take place, with the 

95 clocks, and thus the crypto devices starting 
from the same point. When the information 
field ends, both clocks again stop. Hence the 
system only needs one initialisation variable 
per multipacket message. 
100 To express the system in a slightly different 
manner, we have the following summary, 
which should be studied in conjunction with 
the flow diagram, Fig. 2. note in Fig. 2 that 
the two blocks marked with asterisks are not 

105 required in a single channel system. 

(a) What is Required 

A packet communication system using pack- 
ets with defined headers and tails, which sys- 
110 tern has encryption and decryption at each 
end, and has clock control at each end. 

(b) How the System Operates 

(1) Set up end-to-end connection. 
115 (2) Transfer IV (keys may also be transferred). 

(3) Encryptor and decryptor static and may be 
headed with IV. 

(4) Send packet. 

120 AT EACH END: 

(5) Detect end of header. 

(6) Start clock and encryptor/decryptor at 
commencement of information field. 

(7) Detect start of tail. 

125 (8) Stop clock and encryptor/decryptor at end 
of information field. 

THEN 

(9) Encryptor/decryptor static and loaded with 
130 some variables. 
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ThST* '? t0 (8) for next Packet, 
to hi ?■ ! b ° Ve method Pennits encryption 

through a packet network without the need to 
sjgn.f.cantly alter the traffic flow. It has the 
following advantages: 

mitL« n r VP I i0n kGy and in '«a'isation para- 
proceduJet * ' nCOrP ° rated int ° ca » 

(b) Encryption parameters are not required 

(c) The encrypted packet may be 

« sssrs ,r h 4s s T=: a dL ond ,or *• — 

packet. corresponding unencrypted 

2 (HDLr? re , qUired l ° amend existin 9 Level 
£„? ? l , 6 f ° rmats and amendments to 
higher level procedures are easily accommo- 

paS!e2ed m V oK d '' 8 particu,ar,v applicable to 
pacKetised voice communication where real 
time integrity is of importance and Skets are 

roil! T f he method can be applied to data al- 
ready formatted into standard packets e g 

(g) The method is compatible with the re- 
quirements of "fast select' operation 



20 



25 



30 

CLAIMS 

1. A data transmission system of the 
packet switched type, in each message 

35 £t transmitted insists of one or more 9 
35 data packets each having a header anfnL 
mation field which may L encrypted an d a " 

operation and in which at the receiSg^nd 

ation and the start of the talf 
stop the decryption operation, so that be 
tween P a ckets the encryption and decryption 
states ^ St ° PPed in 6xact, V simile^ 

tamed w.th.n a single packet. 
4. A system according to claim 1 ? „ r -5 
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end of a packet in the static state the crvoo 
graphic vanables are transferred to m S 
and during the header of the next oLket thi 

to be , ransm , lt8d co „ s(s(s ™«ag. 

the receipt of the initialisation vl,ab f sets the 

at?7o P rH meanS IO itS initial «ate appropri 6 
ate to the decryption of the packets to dp 

so .^^rff^saH- 

term,n a t, 0 n of the information field of a packet 
95 Ho??- r6Ce,Ved and decr VPted leaves the 

s art oTthT?? ,n 3 StatS a PP^°PHate to the 
start of the information field of the next 
packet, whereby the initialisation variable is 
tnLtT. ? nC6 f ° r 3 multi Packe? message 
,0Q et s S6Parate fr ° m the ^^sage pack- 

6. A data transmission system of the 
packet-switched type substantias de- 

^rgs^" referenCe t0 ^ a ~Ving 
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